localhero
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official `@localheroai/cli` package from the NPM registry. This is a standard vendor-provided resource used to interact with the Localhero.ai platform.
- [COMMAND_EXECUTION]: Executes commands via the `@localheroai/cli` such as `translate`, `glossary`, and `settings`. These operations are used to automate translation management and retrieve project context.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads external data to perform its primary function.
  - Ingestion points: Reads project configuration from `localhero.json` and content from existing translation files (e.g., JSON, YAML, PO).
  - Boundary markers: Not present; the agent is instructed to follow existing naming conventions and style found in the source files.
  - Capability inventory: The skill can execute CLI commands (performing network and file operations) and modify local source files.
  - Sanitization: No explicit sanitization is performed on the ingested translation data.
- [SAFE]: No hardcoded credentials, obfuscated code, or unauthorized persistence mechanisms were detected. The skill follows recommended practices for managing API keys and environment variables.
Audit Metadata